Integrating LDAP into uPortal
Many institutions have user and group information that is not under the control of the portal, but is managed through one or more directory services, such as an LDAP server. Configuring uPortal to use an LDAP server is a multi-step process that involves editing several properties files. The properties files can be found in the properties subdirectory under the uPortal build directory (for example, uPortal_rel-2-5-1/properties).
- Configure security.properties
Edit the security.properties file. Find the following line:
root=org.jasig.portal.security.provider.SimpleSecurityContextFactory
Comment this line out and add the following line:
root=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
- Configure ldap.properties
Edit the ldap.properties file. You will need to configure this file to match your LDAP server.
Change the ldap.host value, for example:
ldap.host=ldap.cornell.edu
Change the port number if necessary.
Change the ldap.baseDN value, for example:
ldap.baseDN=o=Cornell University,c=US
Change the uid attribute if necessary.
ldap.uidAttribute=netid
You may also need to add values for ldap.managerDN and ldap.managerPW if your server does not allow anonymous binds.
- Configure PersonDirs.xml
Edit the PersonDirs.xml file. You will need to configure this file to match your LDAP server just like you did for the ldap.properties file. Find the section with the LDAP properties heading. Uncomment the section and modify the section as appropriate for your LDAP server. For example:
<url>ldap://ldap.cornell.edu:389/o=Cornell University,c=US</url>
<logonid></logonid>
<logonpassword></logonpassword>
<uidquery>(cn={0})</uidquery>
<usercontext></usercontext>
Find the section for configuring JDBC and comment out that section.
Change the attribute values as necessary.
- Restart the application.
Type ant deploy from the build directory and then restart your servlet container.
Authentication from multiple sources
Even if uPortal is configured to use LDAP for primary authentication, it can be configured such that authentication can occur either from the LDAP directory or the uPortal database.
Edit the security.properties file. In this case, you need to use the UnionSecurityContextFactory by setting the properties as follows:
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
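
An added example, not part of the original page or of uPortal: a small Python check for the edits described in both sections above. It flags a second active root= line (the old one was not commented out), a union factory with no sub-contexts, and incomplete ldap.properties values. It assumes the files are read with java.util.Properties semantics, where a later duplicate key replaces an earlier one; the function names, sample inputs and manager DN are constructed for illustration.

```python
import re

PKG = "org.jasig.portal.security.provider."
LDAP, UNION = PKG + "SimpleLdapSecurityContextFactory", PKG + "UnionSecurityContextFactory"

def parse_properties(text):
    """Simplified reader: '#'/'!' comments, key=value or key:value lines,
    no line continuations. Returns (values, keys defined more than once)."""
    values, duplicates = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if not m or line[0] in "#!":
            continue  # blank line, comment, or a line with no key
        key, value = m.groups()
        if key in values:
            duplicates.append(key)
        values[key] = value  # assumed java.util.Properties behaviour: later line wins
    return values, duplicates

def audit(security_text, ldap_text):
    """Return findings for the two properties files edited in the steps above."""
    sec, dups = parse_properties(security_text)
    ldap, _ = parse_properties(ldap_text)
    root, findings = sec.get("root", ""), []
    subs = {k: v for k, v in sec.items() if k.startswith("root.")}
    if "root" in dups:
        findings.append("more than one active root= line; effective: " + root)
    if root == UNION and not subs:
        findings.append("UnionSecurityContextFactory has no root.<name> entries")
    if root != LDAP and not (root == UNION and LDAP in subs.values()):
        return findings + ["LDAP factory is not active (root=%s)" % root]
    findings += ["%s is not set" % k for k in ("ldap.host", "ldap.baseDN") if not ldap.get(k)]
    if bool(ldap.get("ldap.managerDN")) != bool(ldap.get("ldap.managerPW")):
        findings.append("ldap.managerDN and ldap.managerPW must be set together")
    return findings

# Constructed sample inputs (host and base DN are the page's example values).
SECURITY_STALE = "root=" + LDAP + "\nroot=" + PKG + "SimpleSecurityContextFactory\n"
SECURITY_UNION = ("#root=" + PKG + "SimpleSecurityContextFactory\n"
                  "root=" + UNION + "\nroot.ldap=" + LDAP + "\n"
                  "root.simple=" + PKG + "SimpleSecurityContextFactory\n")
# The manager DN is a constructed placeholder; ldap.managerPW is left out on purpose.
LDAP_PROPS = ("ldap.host=ldap.cornell.edu\n"
              "ldap.baseDN=o=Cornell University,c=US\n"
              "ldap.uidAttribute=netid\n"
              "ldap.managerDN=cn=EXAMPLE-MANAGER,o=Cornell University,c=US\n")

if __name__ == "__main__":
    for name, sec in (("stale root", SECURITY_STALE), ("union", SECURITY_UNION)):
        print(name, audit(sec, LDAP_PROPS))
```

To check real files, pass the contents of security.properties and ldap.properties to audit() in place of the sample strings.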